Transcription

2 By Published: Jan 16, :30 p.m. ET More Than 750,000 Phishing and SPAM s Launched From "Thingbots" Including Televisions, Fridge SUNNYVALE, CA, Jan 16, 2014 (Marketwired via COMTEX) -- Proofpoint, Inc., PFPT, -1.60% a leading security-as-a-service provider, has uncovered what may be the first proven Internet of Things (IoT)-based cyberattack involving conventional household "smart" appliances. The global attack campaign involved more than 750,000 malicious communications coming from more than 100,000 everyday consumer gadgets such as home-networking routers, connected multi-media centers, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks. As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years according to media reports, proof of an IoT-based attack has significant security implications for device owners and Enterprise targets. Just as personal computers can be unknowingly compromised to form robot-like "botnets" that can be used to launch largescale cyberattacks, Proofpoint's findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into "thingbots" to carry out the same type of malicious activity. Cyber criminals intent on stealing individual identities and infiltrating enterprise IT systems have found a target-rich environment in these poorly protected internet connected devices that may be more attractive and easier to infect and control than PC, laptops, or tablets. The attack that Proofpoint observed and profiled occurred between December 23, 2013 and January 6, 2014, and featured waves of malicious , typically sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide. More than 25 percent of the volume was sent by things that were not conventional laptops, desktop computers or mobile devices; instead, the s were sent by everyday consumer gadgets such as compromised home-networking routers, connected multi-media centers, televisions and at least one refrigerator. No more than 10 s were initiated from any single IP address, making the attack difficult to block based on location -- and in many cases, the devices had not been subject to a sophisticated compromise; instead, misconfiguration and the use of default passwords left the devices completely exposed on public networks, available for takeover and use. "Bot-nets are already a major security concern and the emergence of thingbots may make the situation much worse," said David Knight, General Manager of Proofpoint's Information Security division. "Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur. Enterprises may find distributed attacks increasing as more and more of these devices come on-line and attackers find additional ways to exploit them." While IT experts have long predicted security risks associated with the rapidly proliferating Internet of Things (IoT), this is the first time the industry has reported actual proof of such a cyber attack involving common appliances -- but it likely will not be the last example of an IoT attack. IoT includes every device that is connected to the internet -- from home automation products including smart thermostats, security cameras, refrigerators, microwaves, home entertainment devices like TVs, gaming consoles to smart retail shelves that know when they need replenishing and industrial machinery -- and the number of IoT devices is growing enormously. IDC predicts that more than 200 billion things will be connected via the Internet by 2020(1). But IoT devices are typically not protected by the anti-spam and anti-virus infrastructures available to organizations and individual consumers, nor are they routinely monitored by dedicated IT teams or alerting software to receive patches to address new security issues as they arise. The result is that Enterprises can't expect IoT-based attacks to be resolved at the source; instead, preparations must be made for the inevitable increase in highly distributed attacks, phish in employee inboxes, and clicks on malicious links. Page 8 of 11

3 "The 'Internet of Things' holds great promise for enabling control of all of the gadgets that we use on a daily basis. It also holds great promise for cybercriminals who can use our homes' routers, televisions, refrigerators and other Internet-connected devices to launch large and distributed attacks," said Michael Osterman, principal analyst at Osterman Research. "Internetenabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won't work to solve the problem." About Proofpoint, Inc. Proofpoint Inc. PFPT, -1.60% is a leading security-as-a-service provider that focuses on cloud-based solutions for threat protection, compliance, archiving & governance, and secure communications. Organizations around the world depend on Proofpoint's expertise, patented technologies and on-demand delivery system to protect against phishing, malware and spam, safeguard privacy, encrypt sensitive information, and archive and govern messages and critical enterprise information. More information is available at Proofpoint is a trademark of Proofpoint, Inc. in the U.S. and other countries. All other trademarks contained herein are the property of their respective owners. (1) [source: Media Contact: Orlando Debruce Proofpoint, Inc Contact Sarmishta Ramesh Ogilvy Public Relations Contact SOURCE: Proofpoint (C) 2014 Marketwire L.P. All rights reserved. The MarketWatch News Department was not involved in the creation of the content. STOCK REFERENCES Sponsored by PFPT % PFPT % MORE NEWS FROM & Top Stories Trending Recommended Here s why oil is rallying to its highest level this year Page 9 of 11

4 So far cheap oil hurting economy more than it s helping Dollar rises off lows on early glimpse of a second-quarter rebound Here are the boxers to follow after the Mayweather-Pacquiao fight How Ben Bernanke let down America PARTNER CENTER CONTENT FROM OUR SPONSORS 8 Cleaning Tricks Pet Owners Often Forget Vetstreet Meet GE's lovely and sleek Profile induction CNET 5 Uses For Microwaves We Can't Believe We ULIVE Cut The Cable Without Missing Out With a Crutchfield.com Page 10 of 11

Advanced Threat Detection: Necessary but Not Sufficient The First Installment in the Blinded By the Hype Series Whitepaper Advanced Threat Detection: Necessary but Not Sufficient 2 Executive Summary Promotion

Enter Symbols or Keywords SEARCH Latest News View All The Economist's Corner March 18, 2014 New York London Open Closed Tokyo Closed 3:25 PM EDT 3:24p Goldman Sachs to Tesla: You are not that special 3:23p

- 2 - Malware & Botnets The Internet is a powerful and useful tool, but in the same way that you shouldn t drive without buckling your seat belt or ride a bike without a helmet, you shouldn t venture online

Hiding in Plain Sight - Obfuscation Techniques in Phishing Attacks Threat Insight Increasingly, cybercriminals are turning to commodity software, sold on the black market or even open sourced. These kits

WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

White Paper Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks A Guide for CIOs, CFOs, and CISOs White Paper Contents The Problem 3 Why You Should Care 4 What You Can Do About It

Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

WHITE PAPER: REDUCING THE COST AND COMPLEXITY OF WEB..... VULNERABILITY.............. MANAGEMENT..................... Reducing the Cost and Complexity of Web Vulnerability Management Who should read this

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

Securing Your Web World Top 10 Tips to Keep Your Small Business Safe Protecting your business against the latest Web threats has become an incredibly complicated task. The consequences of external attacks,

SPEAR PHISHING AN ENTRY POINT FOR APTS threattracksecurity.com 2015 ThreatTrack, Inc. All rights reserved worldwide. INTRODUCTION A number of industry and vendor studies support the fact that spear phishing

IT & DATA SECURITY BREACH PREVENTION A PRACTICAL GUIDE Part I: Reducing Employee and Application Risks As corporate networks increase in complexity, keeping them secure is more challenging. With employees

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There

Email is vital - but it s not your business! Businesses around the world send around 100 billion emails every day and the volume shows no sign of abating any time soon. Indeed, according to research from

FAQ Isla Q&A General What is Isla? Isla is an innovative, enterprise-class web malware isolation system that prevents all browser-borne malware from penetrating corporate networks and infecting endpoint

Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

Defeat Malware and Botnet Infections with a DNS Firewall By 2020, 30% of Global 2000 companies will have been directly compromised by an independent group of cyberactivists or cybercriminals. How to Select

Cyber Security Threats: What s Next and How Do We Reduce the Risks? Agenda Cyber Security: A necessity! What threats exist today? What does the future hold? How do we reduce the risks? Key for Risk Reduction

2013 State of The Phish ThreatSim: 2013 State of The Phish Introduction Phishing continues to be one of the most effective attack vectors in the attacker s tool kit. A significant percentage of documented

WHITE PAPER SPEAR PHISHING ATTACKS WHY THEY ARE SUCCESSFUL AND HOW TO STOP THEM Why Automated Analysis Tools are not Created Equal SECURITY REIMAGINED CONTENTS Executive Summary...3 Introduction: The Rise

SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

About us With an Engineering background & vast experience spanning across two decades with an expertise in Technology Marketing, Branding, Business development & Sales we set out to create a platform every

PREVENTIA Forward Thinking Security Solutions Stop DDoS Attacks in Minutes 1 On average there are more than 7,000 DDoS attacks observed daily. You ve seen the headlines. Distributed Denial of Service (DDoS)

White paper Phishing, Vishing and Smishing: Old Threats Present New Risks How much do you really know about phishing, vishing and smishing? Phishing, vishing, and smishing are not new threats. They have

TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

White Paper Spear Phishing Attacks Why They are Successful and How to Stop Them Combating the Attack of Choice for Cybercriminals White Paper Contents Executive Summary 3 Introduction: The Rise of Spear

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS ftrsecure.com Can You Separate Myths From Facts? Many Internet myths still persist that could leave you vulnerable to internet crimes. Check out

What is Really Needed to Secure the Internet of Things? By Alan Grau, Icon Labs alan.grau@iconlabs.com The Internet of Things (IoT) has become a ubiquitous term to describe the tens of billions of devices

Top five strategies for combating modern threats Is anti-virus dead? Today s fast, targeted, silent threats take advantage of the open network and new technologies that support an increasingly mobile workforce.

Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade

McAfee Endpoint Protection for SMB You grow your business. We keep it secure. Big Protection for Small to Medium-Sized Businesses With the Internet and connected devices now an integral part of your business,

FOUR ESSENTIAL Cybersecurity Tips for Startups and Small Businesses Cybercrime is a Big Problem for Small Business As you know, there s nothing small about the small business sector. According to the U.S.

Postini White Paper Email Security for Small Businesses: What's the Right Solution For You? The Small Business Dilemma: Fighting Growing Email Threats with Fewer Resources Many small businesses today face

A DIGITAL LIFE E-GUIDE What to Expect When You re Connecting Did you remember to lock the door? When you re not at home, this question can cause a lot of anxiety. Before, you d probably make a mad dash

The Cost of Phishing Understanding the True Cost Dynamics Behind Phishing Attacks A CYVEILLANCE WHITE PAPER MAY 2015 Executive Summary.... 3 The Costs... 4 How To Estimate the Cost of an Attack.... 5 Table

Are organizations completely ready to stop cyberattacks? A research survey details the security perspective of IT decision makers in the US, UK, and Australia on resourcing, preparedness, and management

WEB PROTECTION Features SECURITY OF INFORMATION TECHNOLOGIES The web today has become an indispensable tool for running a business, and is as such a favorite attack vector for hackers. Injecting malicious